QUALYS SECURITY CONFERENCE 2020


Facts, Myths and Questions in Qualys Customer's Mind


Kevin O'Keefe, Giorgio Gheri and Marco Rottigni 
Qualys, Inc. 


Data Quality 


Rubbish In = Rubbish Out 


[Screenshot: AssetView saved search "operatingSystem is null", returning assets listed by IP address with the OS shown as "OS Not Identified"]


Tags and Asset Groups


Tag Creation 


[Screenshot: Tag Creation wizard, Step 2 of 3 "Set the tag type and rules", with the "Re-evaluate rule on save" option]

Rule Engine options shown:
No Dynamic Rule
Groovy Scriptlet
IP Address In Range(s)
IP Address In Range(s) + Network(s)
Open Ports
Operating System Regular Expression
Software installed
Asset Search
Cloud Asset Search
Asset Inventory

Example tag rule query (cut off in the screenshot):
operatingSystem.name:Windows 10 AND (software.name:Chrome OR software.name:Firefox) AND hardwar

Syntax Help for hardware.manufacturer: Use quotes or backticks within values to find assets having a certain hardware manufacturer.
Example: Show any findings that match exact value "Dell"
hardware.manufacturer: Dell


Tag Uses


[Screenshot: scan launch form using tags to choose target hosts]

General Information: Give your scan a name, select a scan profile (a default is selected for you with recommended settings), and choose a scanner from the Scanner Appliance menu for internal scans, if visible.
Choose Target Hosts from (Assets / Tags): Tell us which hosts (IP addresses) you want to scan.
Use IP Network Range Tags: Choose from tags defined with IP address rules. This will allow you to scan the entire IP range(s) in each selected tag.
Include hosts that have Any of the tags below.
Do not include hosts that have Any of the tags below.

[Screenshot: user edit form, "Edit role(s) and scope"]

Allow user full permissions and scope (The user will have full access to everything)
Each role grants you a set of permissions that will apply to the objects you have access to.
Edit Scope: Allow user view access to all objects (Other permissions are granted by the user's roles)
Define what assets the user can access by tags. (Tag shown in scope: Windows 10)


Cloud Integrations


Cloud Inventory 


[Screenshot: Cloud Inventory connector list with AWS and Azure connectors (for example "CheckoutApp AWS Prod Account" and "ACME Azure Dev Subscription"), each showing its account or subscription ID, sync state (Success / Pending) and last-synced time]

[Screenshot: Total Resource Types view, filtered by account, resource type (Security Group, IAM User, Subnet and 8 more) and region (N. Virginia, Mumbai, Ohio), with a last-30-days trend and a per-resource-type table of service (VPC, EC2, S3, IAM), total resources and resources failed]


Cloud Assessment 


[Screenshot: Cloud Assessment for Amazon Web Services, showing total controls evaluated and total evaluations per policy (CIS Amazon Web S..., AWS Best Practice...)]

Controls listed (Policy: CIS Amazon Web Services Foundations Benchmark):
1 Ensure multi-factor authentication (MFA) is enabled for all IAM users that...
2 Ensure console credentials unused for 90 days or greater are disabled
3 Ensure access keys unused for 90 days or greater are disabled
4 Ensure access key1 is rotated every 90 days or less
5 Ensure access key2 is rotated every 90 days or less
6 Ensure IAM Password Policy is Enabled

Control detail:
CID-41 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
Policy: CIS Amazon Web Services Foundations Benchmark
Platform: AWS
Service: VPC
Evaluation: Check no security allows ingress from 0.0.0.0/0 to port 22.
Per-resource results list the security group, account ID, region, evaluation time and result, with evidence details and remediation steps.

REMEDIATION STEPS
Perform the following to implement the prescribed state:
1. Login to the AWS Management Console at https://console.aws.amazon.com/vpc/home
2. In the left pane, click Security Groups
3. For each security group, perform the following:
   1. Select the security group
   2. Click the Inbound Rules tab


Azure Integration


[Screenshot: Azure Security Center, Overview > Recommendations, with the "Remediate vulnerabilities (by Qualys)" recommendation opened: Qualys-detected vulnerabilities on the VM harivm2 listed by vulnerability name, vendor, affected VM, state (Open) and severity (High / Medium / Low), next to the Security Center monitoring and virtual machine recommendations]


Reporting 


Static Reports 


[Screenshot: static scan report with per-vulnerability detail, for example "Microsoft XML Core Services Information Disclosure Vulnerabilities (MS15-084)" and "Google Chrome Prior to 48.0.2564.109 Multiple Vulnerabilities". Each entry shows QID, category, CVE ID, vendor reference, Bugtraq ID, THREAT, IMPACT, SOLUTION, COMPLIANCE, EXPLOITABILITY and ASSOCIATED MALWARE sections, followed by per-host RESULTS with First Detected, Last Detected, Times Detected, Last Fixed and CVSS Environment values]

[Screenshot: the same data as a spreadsheet export, with columns IP, DNS, NetBIOS, Tracking, OS, IP Status, QID, Title, Vuln Status, Type, Severity, Port, Protocol, First Detected, Last Detected, Times Detected, CVE ID, Vendor Reference, Bugtraq ID, CVSS Base, CVSS Temporal, CVSS Environment, CVSS3]


Dashboards


[Screenshot: dashboard widgets: Vulnerabilities by Severity, License Category, Top Publishers (Qualys, Google, BitRock, Microsoft, ImageMagick, OpenBSD, Python, VMware and others) and EOL Operating System (Windows 10, Windows 7, Windows 8)]


API / Plugins


[Screenshot: Qualys App for QRadar inside IBM QRadar Security Intelligence, with a date-range search and panels for Active Hosts, Detections by Severity, Detections by Status and Detections by Type]

[Screenshot: Qualys app for Splunk dashboard, with panels for Total Hosts, OS distribution, Total Vulns by Status, Top 10 Hosts Not Scanned in Last 30 Days, and Most Prevalent Vulnerabilities (QID, Title, Category, Severity, Host count)]


Integrations 


Integrations / Use Cases 


Data Extraction
Long-term data retention for Audit
Ticket generation for task tracking
Unifying Multiple Qualys subscriptions
Cross-correlation of enterprise data sets
Playbook integrations (Splunk -> Phantom)
CMDB population and data syncing


Operational Automation
Automatic asset onboarding and clean-up (ex: purging and adding assets)
Qualys health check automation (ex: Scanner utilization tracking, API limit tracking)
Scan/Re-scan on Demand
CI/CD Integrations (Out-of-box and custom)


Digital Biodiversity 


Dominate the Digital Biodiversity! 




Why is Qualys better? 

CLOUD-BASED MICROSERVICES ARCHITECTURE


Global IT Resources 


[Screenshot: Global IT Resources dashboard filtered by All Tags, All Business Units, All Locations and Last 90 days, with widgets for Assets with Zero-Day Vulnerabilities, Indication of Compromise and Assets CIS Failed Controls, plus a Global IT Asset Inventory "Managed Assets Breakdown" of 2.5K total assets by type (Virtual Machines, Cloud Instances, Servers, Desktops, Notebooks, Network and others)]